Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61633a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a61633a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          STSH9wIHBnonuAy4IF1Hik48fZRJ8vhBE0lhEKk6kJc=
Subject key identifier:   2B:EE:F5:71:3B:B7:0E:E2:C3:12:CF:64:18:2D:D8:FE:43:8F:EF:83
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       1B09F3A32444D09BE74C05371D594FEF697B152F
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61633a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:48 +0000
ROA not before:           Wed 29 Sep 2021 23:55:48 +0000
ROA not after:            Fri 30 Sep 2022 00:00:48 +0000
asID:                     17451
IP address blocks:        2404:8000:ac::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:09:f3:a3:24:44:d0:9b:e7:4c:05:37:1d:59:4f:ef:69:7b:15:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:48 2021 GMT
            Not After : Sep 30 00:00:48 2022 GMT
        Subject: CN=3082010A0282010100C30703AF866BBCB87A05EC402D5E90F1590F040B68D4B3747E793C31C4AA550C8F0A9A1DF9B6EE5EADD444CF4BFD1A29157462F109A10CDA464FAB1D6B7380BE05800A5FB2E6B788F76C525D3DD446AC2FDFCA582E70840CC12F72CF5A92F07F21C14421C4B716AA971A577B5C1B5BF5986D11C66577DB3F0605B33C688044C071B51F403DDE2B1004BE8DBE64145E85EB786C33760A12AE890F8E88B509387A16CC266ADAA37416A3848A4A8070A6134C2FE3DA4D057D7C25132F6E0894AA01FA34BEBF24E41C3146624FBA71D8B7C583F1D7527AF93F63337B1A92B51B884DAFB7F3F79BA47735C65DB6EBBAAA222C07170795221BA8E85ADB435951281B710203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:03:af:86:6b:bc:b8:7a:05:ec:40:2d:5e:
                    90:f1:59:0f:04:0b:68:d4:b3:74:7e:79:3c:31:c4:
                    aa:55:0c:8f:0a:9a:1d:f9:b6:ee:5e:ad:d4:44:cf:
                    4b:fd:1a:29:15:74:62:f1:09:a1:0c:da:46:4f:ab:
                    1d:6b:73:80:be:05:80:0a:5f:b2:e6:b7:88:f7:6c:
                    52:5d:3d:d4:46:ac:2f:df:ca:58:2e:70:84:0c:c1:
                    2f:72:cf:5a:92:f0:7f:21:c1:44:21:c4:b7:16:aa:
                    97:1a:57:7b:5c:1b:5b:f5:98:6d:11:c6:65:77:db:
                    3f:06:05:b3:3c:68:80:44:c0:71:b5:1f:40:3d:de:
                    2b:10:04:be:8d:be:64:14:5e:85:eb:78:6c:33:76:
                    0a:12:ae:89:0f:8e:88:b5:09:38:7a:16:cc:26:6a:
                    da:a3:74:16:a3:84:8a:4a:80:70:a6:13:4c:2f:e3:
                    da:4d:05:7d:7c:25:13:2f:6e:08:94:aa:01:fa:34:
                    be:bf:24:e4:1c:31:46:62:4f:ba:71:d8:b7:c5:83:
                    f1:d7:52:7a:f9:3f:63:33:7b:1a:92:b5:1b:88:4d:
                    af:b7:f3:f7:9b:a4:77:35:c6:5d:b6:eb:ba:aa:22:
                    2c:07:17:07:95:22:1b:a8:e8:5a:db:43:59:51:28:
                    1b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:EE:F5:71:3B:B7:0E:E2:C3:12:CF:64:18:2D:D8:FE:43:8F:EF:83
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61633a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:05:2e:ac:96:a8:ef:9f:a5:3a:56:83:3d:5c:d4:fa:99:e9:
         11:9a:e4:84:96:73:ec:21:23:44:0e:ab:8f:0e:10:6f:99:60:
         09:6e:d1:bb:ed:f7:58:61:df:8c:8c:b4:0a:97:2a:89:7f:01:
         e9:e6:08:07:6d:53:0e:4b:3d:64:06:19:7c:b2:5c:73:c3:84:
         f2:d8:e4:d0:0f:40:c0:8d:a4:22:af:fb:b7:ec:5b:62:53:6c:
         44:09:89:04:4a:12:e4:6b:2c:b5:d7:bc:d4:78:4b:d2:02:b3:
         66:86:d2:09:5b:95:c5:f7:9a:b0:d8:99:db:51:18:15:fa:c8:
         79:5a:de:0c:98:fd:c5:5d:10:61:a3:f3:95:e3:3f:1f:73:e9:
         88:1d:52:ca:55:f4:19:c1:5d:86:33:1f:06:25:23:6f:e3:8b:
         5e:7e:70:82:53:33:07:7f:88:7e:f0:b5:6f:fa:0c:62:8d:6d:
         d3:71:be:f9:30:5a:8a:f5:0b:0b:34:55:b3:41:d9:91:ca:77:
         0f:1a:44:cc:3d:81:73:58:b0:03:3f:52:e2:12:3d:72:49:18:
         34:34:96:47:03:65:2f:3c:3d:a6:3a:bc:c6:0a:3b:b8:91:75:
         19:d5:27:1e:bf:f0:28:e5:3a:1a:89:80:be:8a:fc:2d:cb:81:
         86:95:96:12
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUGwnzoyRE0JvnTAU3HVlP72l7FS8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NDhaFw0yMjA5MzAwMDAwNDhaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzMwNzAzQUY4NjZCQkNCODdB
MDVFQzQwMkQ1RTkwRjE1OTBGMDQwQjY4RDRCMzc0N0U3OTNDMzFDNEFBNTUwQzhG
MEE5QTFERjlCNkVFNUVBREQ0NDRDRjRCRkQxQTI5MTU3NDYyRjEwOUExMENEQTQ2
NEZBQjFENkI3MzgwQkUwNTgwMEE1RkIyRTZCNzg4Rjc2QzUyNUQzREQ0NDZBQzJG
REZDQTU4MkU3MDg0MENDMTJGNzJDRjVBOTJGMDdGMjFDMTQ0MjFDNEI3MTZBQTk3
MUE1NzdCNUMxQjVCRjU5ODZEMTFDNjY1NzdEQjNGMDYwNUIzM0M2ODgwNDRDMDcx
QjUxRjQwM0RERTJCMTAwNEJFOERCRTY0MTQ1RTg1RUI3ODZDMzM3NjBBMTJBRTg5
MEY4RTg4QjUwOTM4N0ExNkNDMjY2QURBQTM3NDE2QTM4NDhBNEE4MDcwQTYxMzRD
MkZFM0RBNEQwNTdEN0MyNTEzMkY2RTA4OTRBQTAxRkEzNEJFQkYyNEU0MUMzMTQ2
NjI0RkJBNzFEOEI3QzU4M0YxRDc1MjdBRjkzRjYzMzM3QjFBOTJCNTFCODg0REFG
QjdGM0Y3OUJBNDc3MzVDNjVEQjZFQkJBQUEyMjJDMDcxNzA3OTUyMjFCQThFODVB
REI0MzU5NTEyODFCNzEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwwcDr4ZrvLh6BexALV6Q8VkPBAto1LN0fnk8McSqVQyPCpod+bbu
Xq3URM9L/RopFXRi8QmhDNpGT6sda3OAvgWACl+y5reI92xSXT3URqwv38pYLnCE
DMEvcs9akvB/IcFEIcS3FqqXGld7XBtb9ZhtEcZld9s/BgWzPGiARMBxtR9APd4r
EAS+jb5kFF6F63hsM3YKEq6JD46ItQk4ehbMJmrao3QWo4SKSoBwphNML+PaTQV9
fCUTL24IlKoB+jS+vyTkHDFGYk+6cdi3xYPx11J6+T9jM3sakrUbiE2vt/P3m6R3
NcZdtuu6qiIsBxcHlSIbqOha20NZUSgbcQIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FCvu9XE7tw7iwxLPZBgt2P5Dj++DMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTYxNjMzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAACsMA0GCSqGSIb3DQEBCwUAA4IBAQCk
BS6slqjvn6U6VoM9XNT6mekRmuSElnPsISNEDquPDhBvmWAJbtG77fdYYd+MjLQK
lyqJfwHp5ggHbVMOSz1kBhl8slxzw4Ty2OTQD0DAjaQir/u37FtiU2xECYkEShLk
ayy117zUeEvSArNmhtIJW5XF95qw2JnbURgV+sh5Wt4MmP3FXRBho/OV4z8fc+mI
HVLKVfQZwV2GMx8GJSNv44tefnCCUzMHf4h+8LVv+gxijW3Tcb75MFqK9QsLNFWz
QdmRyncPGkTMPYFzWLADP1LiEj1ySRg0NJZHA2UvPD2mOrzGCju4kXUZ1Scev/Ao
5ToaiYC+ivwty4GGlZYS
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:06 2024 by rpki-client on console-fra.rpki-client.org